1. Field of the Invention
The present invention relates to a connection device restriction program and device, and more particularly, to a program and device for restricting use of connection devices connected to a computer.
2. Description of the Related Art
Computers used in offices and homes, for example, personal computers (hereinafter PCs), have a built-in function of automatically installing device drivers and making necessary settings when peripheral devices or expansion cards (hereinafter referred to generically as devices) are connected. For example, PCs are equipped with connection devices, as typified by USB (Universal Serial Bus), which permit easy connection of various peripheral devices including a keyboard, a mouse, an external storage, etc.
A USB device has a built-in function of transmitting information such as device type in response to a request from an OS (Operating System), which is basic software, when the USB device is connected to a PC.
FIG. 11 is a flowchart showing a conventional procedure for reading out USB device information. On receiving a notification that a USB device has been connected to a connection port, the OS requests device information on the connected USB device and extracts target USB device information (Step S91). The extracted USB device information is then sent to the OS (Step S92). After the USB device information is acquired in this manner, the OS identifies the device type etc. of the connected device and performs necessary processing to permit use of the connected device. This procedure enables immediate use of a device newly connected to USB.
However, the ease of connection of peripheral devices poses security problems such as a leakage of information from the PC or ingress of unnecessary information into the PC.
To solve such problems, there have been proposed techniques for restricting use of peripheral devices according to their categories. For example, when the category “storage” is set, a storage device cannot be used even if it is connected.
A connection collation system has also been proposed in which the serial numbers of connection terminals are registered in a computer, the serial number of a connection terminal requesting permission for connection is collated with the registered serial numbers, and connection of the terminal is permitted only if the serial number of the terminal is registered (see Unexamined Japanese Patent Publication No. 2003-6166 (paragraph nos. [0007] to [0019], FIG. 1), for example).
However, the conventional connection device restriction techniques are poor in usability, either because they do not allow detailed setting of restriction conditions or because they require complicated setting operations, and they share the problem that the use of uncalled-for connection devices cannot be prevented.
Where the use of devices is restricted according to categories, it is not possible to place restrictions on individual devices separately, since the determination as to restriction is made at a level near the application program, namely, at a level where the information on devices is so abstracted that detailed information on individual devices is not available. For example, if restriction is placed on the category “storage”, no storage device can be connected. A further problem is that restriction can be imposed only on the existing categories.
On the other hand, with the connection collation system in which the serial number of a connection terminal is collated to determine whether to permit connection of the terminal, it is necessary to register the serial numbers of all terminals whose connection is to be permitted. Thus, if the system is operated on a large scale, the number of terminals to be registered increases, making the registration work complicated and also possibly entailing erroneous registration. Further, the system merely determines whether a terminal may be connected or not and does not allow detailed settings such that a certain terminal is permitted to read but not to write, for example.
Thus, with the conventional device restriction techniques, restrictions can only be placed according to existing categories or on individual devices, and it is not possible to make various restriction settings, such as restrictions on users, makers, products, connection devices to be used, modes of use, etc. For example, the conventional techniques are unable to cope with a situation where “Mr. A is permitted to use only the USB memory with the identification number Z and the product name Y, produced by X Corporation, and is not permitted to use other USB memories and USB devices.” Accordingly, there is every possibility that restriction fails to be imposed in a desired manner or that the settings are omitted or erroneously made, giving rise to a security problem that the use of uncalled-for devices cannot be prevented.
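
The following is an added illustration, not part of the original text and not the invention's implementation: a small rule evaluator for the kind of setting described above, where one rule can constrain user, maker, product, identification number and mode of use together. The class and function names, user "B", the sample devices and the deny-by-default behaviour are assumptions made for this example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Device:            # constructed model of the reported device information
    category: str
    maker: str
    product: str
    serial: str

@dataclass(frozen=True)
class Rule:              # a field left as None matches any value
    user: Optional[str] = None
    category: Optional[str] = None
    maker: Optional[str] = None
    product: Optional[str] = None
    serial: Optional[str] = None
    modes: frozenset = frozenset()   # modes of use the rule permits

    def matches(self, user: str, dev: Device) -> bool:
        wanted = (self.user, self.category, self.maker, self.product, self.serial)
        actual = (user, dev.category, dev.maker, dev.product, dev.serial)
        return all(w is None or w == a for w, a in zip(wanted, actual))

def permitted_modes(rules, user, dev):
    """First matching rule wins; no match means deny (assumed default)."""
    for rule in rules:
        if rule.matches(user, dev):
            return rule.modes
    return frozenset()

def is_allowed(rules, user, dev, mode):
    return mode in permitted_modes(rules, user, dev)

# Constructed policy. Rule 1 is the "Mr. A" case from the text; rule 2 shows a
# maker-wide, read-only grant that needs no per-serial registration.
POLICY = [
    Rule(user="A", category="storage", maker="X Corporation", product="Y",
         serial="Z", modes=frozenset({"read", "write"})),
    Rule(user="B", category="storage", maker="X Corporation",
         modes=frozenset({"read"})),
]

# Constructed sample devices.
USB_Z = Device("storage", "X Corporation", "Y", "Z")
USB_OTHER = Device("storage", "X Corporation", "Y", "Q")
KEYBOARD = Device("keyboard", "W Corporation", "K", "1")
```

A category-only scheme could express neither rule, and a serial-number list could express rule 1 only as a plain permit without the user or mode of use.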